"CVE-2023-28204
Versions affected: WebKitGTK and WPE WebKit before 2.40.2.
Credit to an anonymous researcher.
Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds read was addressed with improved input validation.

CVE-2023-32373
Versions affected: WebKitGTK and WPE WebKit before 2.40.2.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use-after-free issue was addressed with improved memory management."

Please stabilize fixed 2.40.2 versions.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0071e39738ef940e932d4fd390f818454963056

commit a0071e39738ef940e932d4fd390f818454963056
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-07-16 14:36:52 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-07-16 14:37:15 +0000

    net-libs/webkit-gtk: Drop old versions

    Bug: https://bugs.gentoo.org/907818
    Bug: https://bugs.gentoo.org/909663
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest | 2 -
 .../webkit-gtk/files/2.40.0-respect-RUBY.patch | 30 ---
 ...-262461-main-b36decf27ea9-.-https-bugs.we.patch | 37 ---
 net-libs/webkit-gtk/files/2.40.1-gcc-13.patch | 21 --
 ...-264395-main-4977290ab4ab-.-https-bugs.we.patch | 47 ----
 net-libs/webkit-gtk/webkit-gtk-2.40.1-r410.ebuild | 258 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.1-r600.ebuild | 251 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.1.ebuild | 248 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.2-r410.ebuild | 259 ---------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.2-r600.ebuild | 252 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.2.ebuild | 249 --------------------
 11 files changed, 1654 deletions(-)